Malicious
Malicious

MsproviderHostperfNet.exe

PE Executable
MD5: ac4d82f073cbd9d856d240f227cb9080
Size: 1.92 MB
application/x-dosexec
Ctrl + scroll to zoom · drag to pan

Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.

AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score Very high
MD5 ac4d82f073cbd9d856d240f227cb9080
Sha1 67ea451a5974562aa78119a61c482d8302f66b0e
Sha256 c4952e123128e1ed3e24727fcd835d02a993858d36712d27ef5629db88d428d1
Sha384 93a8b51c03d6784146069227b7bd6e0639cd3619f8aec20c0c179e3641c8608992f6e6014e3b8baa35eac96800fdd722
Sha512 68842c9db6f3589b98d32c976d31b0ea5aca259baa91fa45487acd38eb631862b3c410978932beea3f092db60a5f9687f8b3031aee5a461030a23046f9e69db8
SSDeep 24576:zylaBiQO1297+EGcuj24VN6kCriQrl4T/zYw1/eIyY/q7jvurJbtBjbvwTqO9UJ0:znBK1Ncw+nhpY/aurJ5drwTt90
TLSH CA95AE1665924E32C3A467758597213D82B0D7763E52FB0B371F6093AD0BBF18F622B2
PeID
.NET executableMicrosoft Visual C# / Basic .NETMicrosoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL Microsoft Visual C# v7.0 / Basic .NETMicrosoft Visual Studio .NET
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
aKWkQsyGnEXrCfcNp1.t78oCVdFvo51S9qmaR
jZbCcxA45bpO0l2qii.FWZY8DXIZQjT9DwpPn
mGCF9yPFdRdHmmbXUu.6mfPOJ2B3w1mRc7IHk
rWOIItccXaZ52jc6TQ.rEU6pZ3v48gl0X5PuG
qG3EyEkBuCTRRaE6iI.65JxwlwlwAUOrDZbjC
UwEYyCGFVKt8UmP0Fv.XqZ7oaTcZDVq3QfECk
Name Value
Info
PE Detect: PeReader OK (file layout)
Module Name
pxqDsBPmp0nY
Full Name
pxqDsBPmp0nY
EntryPoint
System.Void dOTodySwoeknhTLV5Kp.hJvDk2SkJkfL9n2nN2e::s2xScOIAnu()
Scope Name
pxqDsBPmp0nY
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v4.0.30319
Tables Header Version
512
WinMD Version
<null>
Assembly Name
SGxDUr5uRrbW2X9YcTIdUkMi5E
Assembly Version
4.1.5.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
.NETFramework,Version=v4.0
Total Strings
47
Main Method
System.Void dOTodySwoeknhTLV5Kp.hJvDk2SkJkfL9n2nN2e::s2xScOIAnu()
Main IL Instruction Count
44
Main IL
ldc.i4 3
stloc V_0
br IL_000E: ldloc V_0
ldloc V_0
switch dnlib.DotNet.Emit.Instruction[]
br IL_0030: ldnull
ldnull <null>
ldnull <null>
newobj System.Void V7ePvUwZXP8qu8uWMKR.tjGwdWwsRhY3TyQGxT4::.ctor(System.String,System.String)
call System.Void ggCkhYTxPUEo6UeKxmg.okG4olTSCOAmTeSh2l3::iNMTYtyHEU(V7ePvUwZXP8qu8uWMKR.tjGwdWwsRhY3TyQGxT4)
ldc.i4 4
stloc V_0
br IL_000E: ldloc V_0
ret <null>
ldc.i4 1302526782
ldc.i4 6
shr <null>
ldc.i4 538297147
xor <null>
ldsfld <Module>{07d74948-751b-4403-9f88-75da5912d256} <Module>{07d74948-751b-4403-9f88-75da5912d256}::m_3397c3989250464181c6b003fb10e3bf
ldfld System.Int32 <Module>{07d74948-751b-4403-9f88-75da5912d256}::m_6466e38823124ba597bd304191ef20ed
xor <null>
call System.String tWR3dvQLtAtCxwUD6hX.Vn2wpoQMXf4o9j4JNVL::kQ1QO1KdPa(System.Int32)
newobj System.Void wTsShLXyq6h4J76h9YJ.xQ8pjcX2EdFokD8TdkS::.ctor(System.String)
call System.Void wTsShLXyq6h4J76h9YJ.xQ8pjcX2EdFokD8TdkS::LjKXdthu7R()
ldc.i4 1
ldsfld <Module>{07d74948-751b-4403-9f88-75da5912d256} <Module>{07d74948-751b-4403-9f88-75da5912d256}::m_3397c3989250464181c6b003fb10e3bf
ldfld System.Int32 <Module>{07d74948-751b-4403-9f88-75da5912d256}::m_4b1680f3c1d849d49a6e111af446156f
brfalse IL_0012: switch(IL_0030,IL_004A,IL_0095,IL_00BA,IL_004B)
pop <null>
ldc.i4 0
br IL_0012: switch(IL_0030,IL_004A,IL_0095,IL_00BA,IL_004B)
newobj System.Void gdwydOA2WhG8ANwUgFg.CIyfsRAPsOTTWFhZSPH::.ctor()
pop <null>
ldc.i4 0
ldsfld <Module>{07d74948-751b-4403-9f88-75da5912d256} <Module>{07d74948-751b-4403-9f88-75da5912d256}::m_3397c3989250464181c6b003fb10e3bf
ldfld System.Int32 <Module>{07d74948-751b-4403-9f88-75da5912d256}::m_cc79a747015f481ebe29a9933783a369
brtrue IL_0012: switch(IL_0030,IL_004A,IL_0095,IL_00BA,IL_004B)
pop <null>
ldc.i4 0
br IL_0012: switch(IL_0030,IL_004A,IL_0095,IL_00BA,IL_004B)
call System.Void lgBJuhe5tgSfVjnALDe.FDKlHQeLkpuXuGa8JEG::lWKTAsT4AIy()
ldc.i4 2
br IL_0012: switch(IL_0030,IL_004A,IL_0095,IL_00BA,IL_004B)
Module Name
pxqDsBPmp0nY
Full Name
pxqDsBPmp0nY
EntryPoint
System.Void dOTodySwoeknhTLV5Kp.hJvDk2SkJkfL9n2nN2e::s2xScOIAnu()
Scope Name
pxqDsBPmp0nY
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v4.0.30319
Tables Header Version
512
WinMD Version
<null>
Assembly Name
SGxDUr5uRrbW2X9YcTIdUkMi5E
Assembly Version
4.1.5.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
.NETFramework,Version=v4.0
Total Strings
47
Main Method
System.Void dOTodySwoeknhTLV5Kp.hJvDk2SkJkfL9n2nN2e::s2xScOIAnu()
Main IL Instruction Count
44
Main IL
ldc.i4 3
stloc V_0
br IL_000E: ldloc V_0
ldloc V_0
switch dnlib.DotNet.Emit.Instruction[]
br IL_0030: ldnull
ldnull <null>
ldnull <null>
newobj System.Void V7ePvUwZXP8qu8uWMKR.tjGwdWwsRhY3TyQGxT4::.ctor(System.String,System.String)
call System.Void ggCkhYTxPUEo6UeKxmg.okG4olTSCOAmTeSh2l3::iNMTYtyHEU(V7ePvUwZXP8qu8uWMKR.tjGwdWwsRhY3TyQGxT4)
ldc.i4 4
stloc V_0
br IL_000E: ldloc V_0
ret <null>
ldc.i4 1302526782
ldc.i4 6
shr <null>
ldc.i4 538297147
xor <null>
ldsfld <Module>{07d74948-751b-4403-9f88-75da5912d256} <Module>{07d74948-751b-4403-9f88-75da5912d256}::m_3397c3989250464181c6b003fb10e3bf
ldfld System.Int32 <Module>{07d74948-751b-4403-9f88-75da5912d256}::m_6466e38823124ba597bd304191ef20ed
xor <null>
call System.String tWR3dvQLtAtCxwUD6hX.Vn2wpoQMXf4o9j4JNVL::kQ1QO1KdPa(System.Int32)
newobj System.Void wTsShLXyq6h4J76h9YJ.xQ8pjcX2EdFokD8TdkS::.ctor(System.String)
call System.Void wTsShLXyq6h4J76h9YJ.xQ8pjcX2EdFokD8TdkS::LjKXdthu7R()
ldc.i4 1
ldsfld <Module>{07d74948-751b-4403-9f88-75da5912d256} <Module>{07d74948-751b-4403-9f88-75da5912d256}::m_3397c3989250464181c6b003fb10e3bf
ldfld System.Int32 <Module>{07d74948-751b-4403-9f88-75da5912d256}::m_4b1680f3c1d849d49a6e111af446156f
brfalse IL_0012: switch(IL_0030,IL_004A,IL_0095,IL_00BA,IL_004B)
pop <null>
ldc.i4 0
br IL_0012: switch(IL_0030,IL_004A,IL_0095,IL_00BA,IL_004B)
newobj System.Void gdwydOA2WhG8ANwUgFg.CIyfsRAPsOTTWFhZSPH::.ctor()
pop <null>
ldc.i4 0
ldsfld <Module>{07d74948-751b-4403-9f88-75da5912d256} <Module>{07d74948-751b-4403-9f88-75da5912d256}::m_3397c3989250464181c6b003fb10e3bf
ldfld System.Int32 <Module>{07d74948-751b-4403-9f88-75da5912d256}::m_cc79a747015f481ebe29a9933783a369
brtrue IL_0012: switch(IL_0030,IL_004A,IL_0095,IL_00BA,IL_004B)
pop <null>
ldc.i4 0
br IL_0012: switch(IL_0030,IL_004A,IL_0095,IL_00BA,IL_004B)
call System.Void lgBJuhe5tgSfVjnALDe.FDKlHQeLkpuXuGa8JEG::lWKTAsT4AIy()
ldc.i4 2
br IL_0012: switch(IL_0030,IL_004A,IL_0095,IL_00BA,IL_004B)
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
aKWkQsyGnEXrCfcNp1.t78oCVdFvo51S9qmaR
jZbCcxA45bpO0l2qii.FWZY8DXIZQjT9DwpPn
mGCF9yPFdRdHmmbXUu.6mfPOJ2B3w1mRc7IHk
rWOIItccXaZ52jc6TQ.rEU6pZ3v48gl0X5PuG
qG3EyEkBuCTRRaE6iI.65JxwlwlwAUOrDZbjC
UwEYyCGFVKt8UmP0Fv.XqZ7oaTcZDVq3QfECk
No malware configuration was found at this point.
You must be signed in to view YARA rules.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙